My logs, need help

[sfuller312]

DDS (Version 1.0) - NTFSx86
Run by Sam at 19:22:36.12 on Sat 12/06/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1258 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\wsc32x.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\gmer.exe
C:\Documents and Settings\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2080201
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: {01b56d0e-a13c-475e-9e19-8bc59c0cf793} - c:\windows\system32\ajfhkx.dll
BHO: {056cfca0-89ae-432c-b2b9-9e050d18c88a} - c:\windows\system32\hbqybk.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\awtrSjGx.dll
BHO: {FA04D40B-8E16-438F-9F80-58AB4556FD17} - c:\windows\system32\yayVllLB.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\program files\mozilla firefox\plugins\NPSWF32_FlashUtil.exe -p
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
mRun: [3082955c] rundll32.exe "c:\windows\system32\fdhduism.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filebo~1.lnk - c:\program files\filebx\FileBX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: awtrSjGx - awtrSjGx.dll
AppInit_DLLs: ajfhkx.dll
SSODL: OLESys - {C4F2C9C8-193E-4D02-9AF7-0B7D6B21E8FB} - c:\documents and settings\all users\application data\microsoft\internet explorer\OLESys.dll
SSODL: Explorer - {1BBBAA04-88CF-482F-A0BF-661E085A12AB} - c:\documents and settings\all users\application data\microsoft\protect\ynlmwdapqw.dll
SEH: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\awtrSjGx.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayVllLB

============= SERVICES / DRIVERS ===============

R1 DLARTL_M;DLARTL_M;c:\windows\system32\drivers\DLARTL_M.SYS [2008-2-1 28184]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2008-2-14 530432]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]
R3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\drivers\zd1211Bu.sys [2008-2-14 402432]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]

=============== Created Last 30 ================

2008-12-06 19:21 250 a------- c:\windows\gmer.ini
2008-12-06 19:16 <DIR> --d-h--- c:\windows\PIF
2008-12-06 19:15 1,479,822 ---sh--- c:\windows\system32\msiudhdf.ini
2008-12-06 19:15 72,704 a------- c:\windows\system32\fdhduism.dll
2008-12-06 19:12 129,024 a------- c:\windows\system32\ajfhkx.dll
2008-12-06 19:12 129,024 a------- c:\windows\system32\mpnixxvc.dll
2008-12-04 19:53 129,024 a------- c:\windows\system32\pocfdn.dll
2008-12-04 19:53 129,024 a------- c:\windows\system32\thvjhaao.dll
2008-12-04 19:50 1,481,727 ---sh--- c:\windows\system32\fkweiegp.ini
2008-12-04 19:50 72,704 a------- c:\windows\system32\pgeiewkf.dll
2008-12-04 19:48 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-04 19:48 59,909 a------- c:\docume~1\alluse~1\applic~1\winlogon.exe
2008-12-04 19:47 232,960 a------- c:\windows\system32\tofusnal.exe
2008-12-04 19:45 114,688 a------- c:\windows\system32\hbqybk.dll
2008-12-04 19:45 114,688 a------- c:\windows\system32\tvhkdxnc.dll
2008-12-02 22:43 864,726 a--sh--- c:\windows\system32\BLllVyay.ini2
2008-12-02 22:43 864,726 a--sh--- c:\windows\system32\BLllVyay.ini
2008-12-02 22:43 302,592 a------- c:\windows\system32\yayVllLB.dll
2008-12-02 22:38 25,600 a------- c:\windows\system32\khfExuSk.dll
2008-12-02 22:38 25,600 a------- c:\windows\system32\awtrSjGx.dll
2008-12-02 22:38 32,256 a------- c:\windows\system32\~.exe
2008-11-23 15:25 <DIR> --d----- c:\documents and settings\sam\110 Beta Backup
2008-11-12 19:07 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:07 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-12-04 19:48 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-04 19:48 294,912 a------- c:\windows\system32\wsc32x.exe
2008-12-04 19:48 134,149 a------- c:\windows\reged.exe
2008-12-04 19:48 18,941 a------- c:\windows\vmreg.dll
2008-12-04 19:48 51,197 a------- c:\windows\spoolsystem.exe
2008-12-04 19:48 50,620 a------- c:\windows\sys.com
2008-12-04 19:48 47,872 a------- c:\windows\syscert.exe
2008-12-04 19:48 2,271 a------- c:\windows\system32\TDSSmqvuknkq.dll
2008-12-04 19:48 73,728 a------- c:\windows\system32\TDSScdetysef.dll
2008-12-04 19:48 31,232 a------- c:\windows\system32\TDSSjaxpxebi.dll
2008-12-04 19:48 29,696 a------- c:\windows\system32\TDSSvvotpnnt.dll
2008-12-04 19:48 35,840 a------- c:\windows\system32\TDSScfkocjwh.dll
2008-11-30 19:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-11-28 12:18 23,634 a------- c:\windows\War3Unin.dat
2008-11-23 15:34 83,232 a------- c:\windows\DIIUnin.dat
2008-11-23 15:28 21,840 a------t c:\windows\system32\SIntfNT.dll
2008-11-23 15:28 17,212 a------t c:\windows\system32\SIntf32.dll
2008-11-23 15:28 12,067 a------t c:\windows\system32\SIntf16.dll
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 07:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-09 18:56 78,659 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-08 05:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-05-18 21:53 168 ---shr-- c:\windows\system32\F994C0F45D.sys
2008-05-18 21:53 4,598 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:23:27.23 ===============

[sUBs]

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

[sfuller312]

Quote:

Originally Posted by sUBs

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

thanks for the concern and quick reply

after combofix my computer seems to be running better, heres the log

ComboFix 08-12-06.06 - Sam 2008-12-07 0:29:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1344 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\ie.dll
c:\documents and settings\All Users\Application Data\winlogon.exe
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\~.exe
c:\windows\system32\ajfhkx.dll
c:\windows\system32\awtrSjGx.dll
c:\windows\system32\BLllVyay.ini
c:\windows\system32\BLllVyay.ini2
c:\windows\system32\fdhduism.dll
c:\windows\system32\fkweiegp.ini
c:\windows\system32\hbqybk.dll
c:\windows\system32\khfExuSk.dll
c:\windows\system32\mpnixxvc.dll
c:\windows\system32\msiudhdf.ini
c:\windows\system32\pgeiewkf.dll
c:\windows\system32\pocfdn.dll
c:\windows\system32\TDSScdetysef.dll
c:\windows\system32\TDSScfkocjwh.dll
c:\windows\system32\TDSSimvhackf.dat
c:\windows\system32\TDSSjaxpxebi.dll
c:\windows\system32\TDSSmqvuknkq.dll
c:\windows\system32\TDSSvvotpnnt.dll
c:\windows\system32\TDSSwovmjqqc.log
c:\windows\system32\thvjhaao.dll
c:\windows\system32\tvhkdxnc.dll
c:\windows\system32\wsc32x.exe
c:\windows\system32\yayVllLB.dll
c:\windows\vmreg.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 19:21 . 2008-12-06 19:21 250 --a------ c:\windows\gmer.ini
2008-12-06 19:16 . 2008-12-06 19:16 <DIR> d--h----- c:\windows\PIF
2008-12-04 19:47 . 2008-12-04 19:47 232,960 --a------ c:\windows\system32\tofusnal.exe
2008-11-23 15:25 . 2008-11-23 15:25 <DIR> d-------- c:\documents and settings\Sam\110 Beta Backup
2008-11-12 19:07 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:07 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 05:20 --------- d-----w c:\program files\dl_cats
2008-12-07 05:19 --------- d-----w c:\documents and settings\Sam\Application Data\VMware
2008-12-07 05:19 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-12-07 05:19 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-11-28 17:44 --------- d-----w c:\program files\Warcraft III
2008-11-13 03:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 01:03 --------- d-----w c:\program files\StealthBot
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 18:40 --------- d-----w c:\documents and settings\Sam\Application Data\Move Networks
2008-05-19 02:53 168 --sh--r c:\windows\system32\F994C0F45D.sys
2008-05-19 02:53 4,598 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-13 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-26 299008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-14 307200]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-06 106496]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-02-01 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Explorer"= {1BBBAA04-88CF-482F-A0BF-661E085A12AB} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\ynlmwdapqw.dll [2008-12-04 928256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ajfhkx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Diablo\\diablo.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [2008-02-14 530432]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-08 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-11-08 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2007-11-08 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-11-08 566872]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-11-08 280392]
R3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\DRIVERS\zd1211Bu.sys [2008-02-14 402432]
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{01b56d0e-a13c-475e-9e19-8bc59c0cf793} - c:\windows\system32\ajfhkx.dll
BHO-{056cfca0-89ae-432c-b2b9-9e050d18c88a} - c:\windows\system32\hbqybk.dll
BHO-{4CB6C6C4-70DA-4A0E-94D4-64EB0D52573C} - c:\windows\system32\yayVllLB.dll
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
SSODL-OLESys-{C4F2C9C8-193E-4D02-9AF7-0B7D6B21E8FB} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\ibrwmlzc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 00:34:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\qoobox\Quarantine\C\WINDOWS\system32\wsc32x.exe.vir10318}
c:\program files\Linksys\WUSBF54G\wlMonitor.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcxcoms.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2008-12-07 0:37:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 05:37:38

Pre-Run: 250,905,157,632 bytes free
Post-Run: 252,564,619,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

235 --- E O F --- 2008-11-13 03:54:01

[sUBs]

Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/320915-my-logs-need-help.html#post1842774
Collect::
c:\windows\system32\tofusnal.exe
c:\documents and settings\All Users\Application Data\Microsoft\Protect\ynlmwdapqw.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Explorer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------


In your next post, please include fresh logs from:

1. Online scan
2. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[sfuller312]

thanks again for the support!! :)

computer seems to be working fine

i think im gonna set up avg free now, hopefully ill be safer then

thanks !!!


ComboFix 08-12-06.06 - Sam 2008-12-07 0:54:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1357 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Protect\ynlmwdapqw.dll
c:\windows\system32\tofusnal.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 19:21 . 2008-12-06 19:21 250 --a------ c:\windows\gmer.ini
2008-12-06 19:16 . 2008-12-06 19:16 <DIR> d--h----- c:\windows\PIF
2008-11-23 15:25 . 2008-11-23 15:25 <DIR> d-------- c:\documents and settings\Sam\110 Beta Backup
2008-11-12 19:07 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:07 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 05:35 --------- d-----w c:\program files\dl_cats
2008-12-07 05:35 --------- d-----w c:\documents and settings\Sam\Application Data\VMware
2008-12-07 05:34 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-12-07 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-12-01 00:21 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-11-28 17:44 --------- d-----w c:\program files\Warcraft III
2008-11-23 20:28 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-11-23 20:28 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-11-23 20:28 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-11-13 03:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 01:03 --------- d-----w c:\program files\StealthBot
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 18:40 --------- d-----w c:\documents and settings\Sam\Application Data\Move Networks
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-05-19 02:53 168 --sh--r c:\windows\system32\F994C0F45D.sys
2008-05-19 02:53 4,598 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-07_ 0.37.19.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 05:23:28 73,230 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-07 05:38:46 73,230 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-07 05:23:28 428,514 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-07 05:38:46 428,514 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-13 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-26 299008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-14 307200]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-06 106496]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-02-01 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ajfhkx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Diablo\\diablo.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [2008-02-14 530432]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2007-11-08 36368]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-11-08 280392]
R3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\DRIVERS\zd1211Bu.sys [2008-02-14 402432]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-08 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-11-08 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-11-08 566872]
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

SSODL-Explorer-{1BBBAA04-88CF-482F-A0BF-661E085A12AB} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\ynlmwdapqw.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\ibrwmlzc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 00:55:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-07 0:56:10
ComboFix-quarantined-files.txt 2008-12-07 05:55:36

Pre-Run: 252,547,596,288 bytes free
Post-Run: 252,531,347,456 bytes free

187 --- E O F --- 2008-11-13 03:54:01



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 03:56:00
Records in database: 1441542
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 127835
Threat name: 12
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 0138


File name / Threat name / Threats count
C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-3f4574f7.zip Infected: Exploit.Java.Gimsh.a 1
C:\Program Files\mm.BOT\mm.BOT.546.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
C:\Program Files\mm.BOT\Tools\mm.FList\mm.FList.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
C:\Program Files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
C:\Program Files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\6.tmp Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\olesys.dll.vir Infected: not-a-virus:FraudTool.Win32.SpywareGuard2008.b 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Protect\ie.dll.vir Infected: not-a-virus:FraudTool.Win32.SpywareGuard2008.b 1
C:\Qoobox\Quarantine\C\Program Files\Spyware Guard 2008\spywareguard.exe.vir Infected: not-a-virus:FraudTool.Win32.SpywareGuard2008.f 1
C:\Qoobox\Quarantine\C\Program Files\Spyware Guard 2008\uninstall.exe.vir Infected: not-a-virus:FraudTool.Win32.SpywareGuard2008.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ajfhkx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtrSjGx.dll.vir Infected: Trojan.Win32.Monderb.xjk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfExuSk.dll.vir Infected: Trojan.Win32.Monderb.xjk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mpnixxvc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScdetysef.dll.vir Infected: Trojan.Win32.Agent.arvz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfkocjwh.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSjaxpxebi.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvvotpnnt.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wsc32x.exe.vir Infected: not-a-virus:FraudTool.Win32.SpywareGuard2008.e 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@0.53.zip Infected: not-a-virus:FraudTool.Win32.SpywareGuard2008.b 1

The selected area was scanned.

[sUBs]

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-3f4574f7.zip"
"C:\Program Files\mm.BOT"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"C:\Program Files\mm.BOT"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

[sfuller312]

Quote:

Originally Posted by sUBs

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\Sam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-3f4574f7.zip"
"C:\Program Files\mm.BOT"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"C:\Program Files\mm.BOT"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

first it said "C:\Program Files\mm.BOT"

then i accidentally ran it again and it said

"Deleted Successfully"

[sUBs]

Your system is now clean. Kindly follow these simple steps in order to keep your computer clean and secure:

1. Uninstall ComboFix ... do not skip this step
   This process will perform some post cleanup measures.
   Do this by going to to Start > Run & typing in ComboFix /u
   
   
   
2. ANTIVIRUS SOFTWARE
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
3. Microsoft Windows Update ? http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
4. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.

[sfuller312]

thanks again for all of the help !! :)

take it easy, and ill be back if i screw up again :-P